Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Warning: Cannot modify header information - headers already sent (PHP) [duplicate]

My issue is somewhat similar to the following post..

PHP error: Cannot modify header information – headers already sent

But in my case I chose to start the session once I determine there is no validation errors from the login form and the user's login info matches that of the database. Here is the following code:

Login page (before any html)

session_name('username');
session_name('ip');
session_name('start');
session_start();    

Login.php snippet (in the body of html)

         } else {
            $user = $_POST['username']; 
            $userpass = md5($_POST['password']); 
            $login_results = statement("select username, password from `$admin` where username='$user' and password='$userpass'");

            if (mysql_num_rows($login_results)!= 1) { 
                $errmsg = "<span id='error'>Login failed: Username or password not on file</span>";
            }else {

                $_SESSION['username'] = "$user"; 
                $_SESSION['ip'] = $_SERVER['REMOTE_ADDR'];
                header("Location: index.php"); 
            }
        }
    }

}

if you look at the else block of the code above i'm verifying the login and if its good I want to assign the sessions variables and go to my index page. Which has this code at the very beginning:

 //Session Timeout Script -- used to determine the amount of time the user has been idle.  If it the user has been idle for longer then the session time, log the user out.
 //Secondary to the Timeout Script, the username and ip address is checked for validility and if either fails redirect the user to the login page. 
 session_cache_expire( 20 );
 session_start(); 

 $inactive = 1200;     

 if(isset($_SESSION['start']) ) {
      $session_life = time() - $_SESSION['start'];
  if($session_life > $inactive){
        header("Location: logout.php");
   }
}

  $_SESSION['start'] = time();

    $newip = $_SERVER['REMOTE_ADDR']; 
   if (!isset($_SESSION['username']) ||  empty($_SESSION['username']) || $newip!=    $_SESSION['ip']) { 
 header('Location: login.php'); 
} 

Now reading through the question from that previous author, it was mentioned that header() should be the first thing to execute in the code thats sending the redirect, which in my case is login.php. And doing that allows me to login, but when I log out i'm destroying all my sessions and and using the header() to send me back to the login page. Which will in turn make the login page redirect back to the index page because its the first line of code read. Is there a way to avoid this? so I wouldn't need to repeat some of my code logic I already have in place at the top of login.php?

Andre

like image 221
Andre Avatar asked Nov 13 '10 17:11

Andre


People also ask

How do I fix warning Cannot modify header information?

If the “Cannot modify header information” error originates from a plugin or theme, you can easily solve it by re-installing the software. If it's a WordPress core file, your best solution is to replace the faulty file with a clean version and reboot the website.

What causes header already sent error in php?

This can also be caused by UTF-8. If a website is coded in ASCII and php files are being saved as UTF-8, it can cause this message. If the website and DB are both UTF-8, it should be ok to save php files as UTF-8. Additionally, this error message is related to the "output_buffering" variable in php.

What causes the following warning Cannot modify header information headers already sent?

Warning: Cannot modify header information - headers already sent by (output started at...''' This is essentially an issue with how the site is coded. Most often, this simply means something was sent to the browser before the PHP header() function was called.


1 Answers

Yes, header must be called before any other output, it's needed by http itself, no way around it. However, you can call header after session_start().

So you can start session, check the login data from $_POST and than start html output.

Btw, why use three session_name in succession?

like image 96
frnhr Avatar answered Sep 26 '22 00:09

frnhr